The complexity of the EU General Data Protection Regulation is often alleviated by the guidance of regulatory authorities who contribute their practical interpretation of the black letter of the law and provide welcome certainty. However, the latest draft guidelines issued by the Article 29 Working Party on automated decision-making has thrown up a particular curve ball which bears further investigation. It relates to whether Article 22(1) of the GDPR should be read as a right available to data subjects or as a straightforward prohibition for controllers.
On November 23, the data protection authority (DPA) of the German Federal State of Hamburg imposed a €200,000 fine against the Hamburg-based savings & loan Hamburger Sparkasse due to violations of the German Federal Data Protection Act (the BDSG) for, among other reasons, using neuromarketing techniques without customer consent. The case — which attracted much negative publicity in Germany, including page 1 headlines and “top spots” in television news — may very well influence the assessment of neuromarketing techniques under data protection laws beyond Germany.
Two national newspapers today included items on targeted advertising, a further indication that online tracking remains a hot topic. In an article on the front page of the New York Times entitled “Retargeting Ads Follow Suffers to Other Sites” the reporters note that “[b]ehavioral targeting has been hotly debated in Washington, and lawmakers are considering various proposals to regulate it. A Wall Street Journal opinion piece by Emory University Economics Professor Paul Rubin paints a very different picture from the New York Times article. The piece is entitled “Ten Fallacies About Web Privacy” and in summary form, we present Professor Rubin’s list of privacy fallacies with excerpts of why he thinks the propositions are false. The debate over online tracking, self-regulation and the need (or not) of government regulation will heat up when legislators and policy influencers refocus after Summer vacations.
The FCC’s National Broadband Plan signals that the Commission will take an expanded role in privacy-related consumer protection issues. This blog entry details the privacy-related aspects of the Plan.